[unisog] Scans on tcp/41523

Nicholas Ianelli ni at cert.org
Mon Feb 14 17:36:30 GMT 2005


Keith,

There is a working exploit out for the ARCserve backup (part of the 
Metasploit framework):

http://www.k-otik.com/exploits/20050213.cabrightstor_disco_servicepc.pm.php
http://www.k-otik.com/exploits/20050213.cabrightstor_disco.pm.php

You may also want to check out:
http://secunia.com/advisories/14233/

I believe the servicepc one is also unpatched; if I recall correctly, there 
is a PoC out based on TCP and UDP.

Nick

--On Monday, February 14, 2005 9:39 AM -0600 Keith Schoenefeld 
<schoenk at utulsa.edu> wrote:

> I'm not sure what's going on yet, but I've started picking up a
> reasonably large number of scans on port tcp/41523 from off campus.  The
> Internet Storm Center at SANS (isc.sans.org) has a cool tool where you
> can look up a port and see if other people are picking up scans on
> specific ports.  On Feb. 12th, there were 144 total scans reported to
> isc on port 41523.  For today, a total of 46,000 scans had been
> reported (a 31,844% increase if my math is correct).  Something is up.
> Anyone know of any new worm that creates a backdoor on tcp/41523?
>
> -- KS
>
> --
> Keith Schoenefeld
> Manager of College Computer Services
> College of Engineering and Natural Sciences
> The University of Tulsa
>
>






